cgi-io: add download operation

Add a new `cgi-download` applet which allows to retrieve the contents
of regular files or block devices.

In order to initiate a transfer, a POST request in x-www-form-urlencoded
format must be sent to the applet, with one field "sessionid" holding
the login session and another field "path" containing the file path to
download.

Further optional fields are "filename" which - if present - will cause
the download applet to set a Content-Disposition header and "mimetype"
which allows to let the applet respond with a specific type instead of
the default "application/octet-stream".

Below is an example for the required acl rules to grant download access
to files or block devices:

    ubus call session grant '{
      "ubus_rpc_session": "...",
      "scope": "cgi-io",
      "objects": [
        [ "download", "read" ]
      ]
    }'

    ubus call session grant '{
      "ubus_rpc_session": "...",
      "scope": "file",
      "objects": [
        [ "/etc/config/*", "read" ],
        [ "/dev/mtdblock*", "read" ]
      ]
    }'

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
5 years ago

cgi-io: implement exec action

Implement a new "cgi-exec" applet which allows to invoke remote commands
and stream their standard output back to the client via HTTP. This is
needed in cases where large amounts of data or binary encoded contents
such as tar archives need to be transferred, which are unsuitable to be
transported via ubus directly.

The exec call is guarded by the same ACL semantics as rpcd's file plugin,
means in order to be able to execute a command remotely, the ubus session
identified by the given session ID must have read access to the "exec"
function of the "cgi-io" scope and an explicit "exec" permission rule for
the invoked command in the "file" scope.

In order to initiate a transfer, a POST request in x-www-form-urlencoded
format must be sent to the applet, with one field "sessionid" holding
the login session and another field "command" specifying the commandline
to invoke.

Further optional fields are "filename" which - if present - will cause
the download applet to set a Content-Disposition header and "mimetype"
which allows to let the applet respond with a specific type instead of
the default "application/octet-stream".

Below is an example for the required ACL rules to grant exec access to
both the "date" and "iptables" commands. The "date" rule specifies the
base name of the executable and thus allows invocation with arbitrary
parameters while the latter "iptables" rule merely allows one specific
set of arguments which must appear exactly in the given order.

    ubus call session grant '{
      "ubus_rpc_session": "...",
      "scope": "cgi-io",
      "objects": [
        [ "exec", "read" ]
      ]
    }'

    ubus call session grant '{
      "ubus_rpc_session": "...",
      "scope": "file",
      "objects": [
        [ "/bin/date", "exec" ],
        [ "/usr/sbin/iptables -n -v -L", "exec" ]
      ]
    }'

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
5 years ago
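
A small Python model of the two-level ACL check that the two commit messages above describe, added here as an illustration and not taken from cgi-io or rpcd. The glob matching through fnmatch, the shlex tokenisation and all function names are assumptions; the grants are constructed from the examples in the messages.

```python
import fnmatch
import shlex

# Constructed session grants mirroring the examples in the commit messages.
GRANTS = {
    "cgi-io": [("download", "read"), ("exec", "read")],
    "file": [
        ("/etc/config/*", "read"),
        ("/dev/mtdblock*", "read"),
        ("/bin/date", "exec"),
        ("/usr/sbin/iptables -n -v -L", "exec"),
    ],
}

def applet_allowed(applet, grants):
    """First gate: the session needs read access to the applet in the cgi-io scope."""
    return (applet, "read") in grants.get("cgi-io", [])

def may_download(path, grants=GRANTS):
    """Second gate for downloads: a "read" rule in the file scope covers the path.
    Assumption: rules are shell-style globs, modelled here with fnmatch."""
    if not applet_allowed("download", grants):
        return False
    return any(perm == "read" and fnmatch.fnmatchcase(path, rule)
               for rule, perm in grants.get("file", []))

def may_exec(command, grants=GRANTS):
    """Second gate for exec: a rule naming only the executable allows any
    arguments; a rule with arguments must equal the command line exactly.
    Assumption: whitespace tokenisation via shlex, tokens joined by one space."""
    argv = shlex.split(command)
    if not argv or not applet_allowed("exec", grants):
        return False
    exec_rules = {rule for rule, perm in grants.get("file", []) if perm == "exec"}
    return argv[0] in exec_rules or " ".join(argv) in exec_rules

def unpinned_exec_rules(grants=GRANTS):
    """Exec rules without an argument list: they permit arbitrary parameters,
    so they are the ones to review when auditing a session's grants."""
    return [rule for rule, perm in grants.get("file", [])
            if perm == "exec" and " " not in rule]
```
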
- #
- # Copyright (C) 2015 OpenWrt.org
- #
- # This is free software, licensed under the GNU General Public License v2.
- # See /LICENSE for more information.
- #
-
- include $(TOPDIR)/rules.mk
-
- PKG_NAME:=cgi-io
- PKG_RELEASE:=20
-
- PKG_SOURCE_PROTO:=git
- PKG_SOURCE_URL=$(PROJECT_GIT)/project/cgi-io.git
- PKG_SOURCE_DATE:=2021-09-08
- PKG_SOURCE_VERSION:=98cef9dda63623eff07bd574ad7c98ef282af18d
- PKG_MIRROR_HASH:=dfbec859e261ef6851f76474739c19baaadc1e5cd3ae2d2b9d56a7782ac79963
- CMAKE_INSTALL:=1
-
- PKG_LICENSE:=GPL-2.0-or-later
- PKG_MAINTAINER:=John Crispin <blogic@openwrt.org>
-
- include $(INCLUDE_DIR)/package.mk
- include $(INCLUDE_DIR)/cmake.mk
-
- define Package/cgi-io
- SECTION:=net
- CATEGORY:=Network
- SUBMENU:=Web Servers/Proxies
- DEPENDS:=+libubox +libubus
- TITLE:=CGI utility for handling up/downloading of files
- endef
-
- define Package/cgi-io/description
- This package contains an cgi utility that is useful for up/downloading files
- endef
-
- define Package/cgi-io/install
- $(INSTALL_DIR) $(1)/usr/libexec $(1)/www/cgi-bin/
- $(INSTALL_BIN) $(PKG_BUILD_DIR)/cgi-io $(1)/usr/libexec
- $(LN) ../../usr/libexec/cgi-io $(1)/www/cgi-bin/cgi-upload
- $(LN) ../../usr/libexec/cgi-io $(1)/www/cgi-bin/cgi-download
- $(LN) ../../usr/libexec/cgi-io $(1)/www/cgi-bin/cgi-backup
- $(LN) ../../usr/libexec/cgi-io $(1)/www/cgi-bin/cgi-exec
- endef
-
- $(eval $(call BuildPackage,cgi-io))